
Web3 Security Best Practices: Part 4

How To Avoid Common Hacks & Scams in Web3

by PhoenixxDown.eth
September 1, 2022
in Security

In the final part of this beginner’s series on Web3 security, we will cover the most “common types of hacks and scams”.

Armed with the foreknowledge of these dirty deeds – all of which are used against both newbies and seasoned veterans alike – you will have a much greater chance of detecting these nasty traps at first glance, and thus hopefully avoiding them altogether.

You can catch up on Web3 Security, Part 1, Web3 Security, Part 2 and Web3 Security, Part 3 via the highlighted links.

Fake Websites (Traditional Scams)

There are many fake versions of “commonly visited Web3-websites”. You can detect these by carefully examining BOTH the domain extension and domain URL that you’re visiting. For example, the official ENS Vision URL is ens.vision/tools, and there are many ways that a scam version of the URL may present itself. It:

  1. may use a different TLD (e.g. ‘.xyz’ in place of the TLD ‘.vision’), or
  2. may use a different TLD WITH a subdomain (e.g. ens.vision.com/tools, which uses the ‘.com’ TLD), or
  3. may use a number in the page name (e.g. “/t00Is” uses the number ‘00’ in place of the letters ‘oo’), or
  4. may use a capital letter in the page name (e.g. “/tooIs” uses a capital letter ‘i’ in place of the letter ‘L’).

These fake sites may have a fake MetaMask-prompt where they will ask you for your password-or-seed-phrase at the ‘connect wallet’ stage. However, as this is not your genuine MetaMask extension, all password attempts will fail and you will be asked to recover your wallet by typing in your seed phrase. As we know, we never acquiesce to the request of typing our seed phrases.

However, it is also possible for the MetaMask-prompt to be real, and for the scam-website to trick you into authorizing them to have access to your wallet. This would put your wallet at risk, even if you are using a hardware wallet.
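The four URL checks listed above can be automated before a link is opened. The following is an added example, not code from the original article; the allowlist contents, the function names and the extra `1`-for-`l` substitution are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Allowlist built from the article's example: official host -> known paths.
OFFICIAL = {"ens.vision": {"/tools"}}

# Look-alike substitutions named in the list above (digit 0 for "o",
# capital "I" for lowercase "l"), plus digit 1 for "l" as an assumption.
LOOKALIKES = str.maketrans({"0": "o", "I": "l", "1": "l"})


def skeleton(text):
    """Fold look-alike characters so '/t00Is' and '/tools' compare equal."""
    return text.translate(LOOKALIKES).lower()


def classify_host(host):
    """Explain why a host that is not on the allowlist is suspicious."""
    for official in OFFICIAL:
        name = official.rsplit(".", 1)[0]  # "ens" from "ens.vision"
        if host.startswith(official + "."):
            # Case 2: ens.vision.com really belongs to whoever owns vision.com.
            return f"{official!r} used as a prefix of a different domain: {host!r}"
        if host.rsplit(".", 1)[0] == name:
            # Case 1: same name, different TLD (ens.xyz).
            return f"different TLD: {host!r} instead of {official!r}"
        if skeleton(host) == skeleton(official):
            return f"look-alike host {host!r}"
    return f"unknown host {host!r}"


def check_link(url):
    """Return a list of findings; an empty list means nothing was flagged."""
    if "://" not in url:
        url = "https://" + url  # links are often pasted without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    path = parts.path.rstrip("/") or "/"
    findings = []

    if host not in OFFICIAL:
        findings.append(classify_host(host))

    # Cases 3 and 4: the path differs from a known one only by look-alikes.
    known_paths = OFFICIAL.get(host) or set().union(*OFFICIAL.values())
    if path not in known_paths and any(
        skeleton(path) == skeleton(known) for known in known_paths
    ):
        findings.append(f"look-alike path {path!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample links covering the four cases from the list above.
    for link in [
        "https://ens.vision/tools",
        "https://ens.xyz/tools",
        "ens.vision.com/tools",
        "https://ens.vision/t00Is",
        "https://ens.vision/tooIs",
    ]:
        print(link, "->", check_link(link) or "matches allowlist")
```

An empty result only means the link matches the allowlist; it says nothing about what the site will ask the wallet to sign.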

Website Links Sent via DMs

A common tactic by scammers is to send bulk messages out to server members, often masquerading as the project itself, saying you have won a whitelist spot with them. They will attach a link to their scam website, which will often look very legitimate in appearance, saying you need to claim there. There are many incarnations, but the scammer will pretend to be someone you can trust, and then will try to trick you into clicking the link to their scam site. In reality, if you connect your wallet to that scam website and sign a transaction via your MetaMask after following that link, it will likely be a ‘Set Approval For All’ transaction, which will allow the scammer to move any-or-all of your assets from your wallet to their own scammer wallet.

The strict rule of “Do Not Click Links” sent to you via Discord/Twitter DM (or from anyone, anywhere) will protect you most of the time. All the same, always check the domain extension and full domain name of the URL, and any of the links that come across your screen (See Examples, Above). Truly, if you’re fresh into Web3 it’s advisable to just “Keep Discord DMs Switched Off” until you’ve found your feet a little.
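A ‘Set Approval For All’ request can be recognised from the transaction's data field before it is signed. The following is an added example, not code from the original article: it decodes that call and, going slightly beyond the text, the related `approve` call; the function names, the verdict levels and the operator address are constructed for illustration.

```python
# Function selectors: the first 4 bytes of the transaction data field.
SELECTORS = {
    bytes.fromhex("a22cb465"): "setApprovalForAll(address,bool)",
    bytes.fromhex("095ea7b3"): "approve(address,uint256)",
}
MAX_UINT256 = 2**256 - 1

# Constructed placeholder address, not a real operator.
CONSTRUCTED_OPERATOR = "0x" + "ab" * 20


def review_calldata(data_hex, trusted_operators=frozenset()):
    """Return (level, message) for a transaction data field before signing."""
    raw = bytes.fromhex(data_hex.removeprefix("0x"))
    signature = SELECTORS.get(raw[:4])
    if signature is None:
        return ("info", "not an approval call")

    args = raw[4:]
    if len(args) != 64:  # both calls take exactly two 32-byte words
        return ("block", f"{signature} with malformed arguments")
    word1, word2 = args[:32], args[32:]
    if any(word1[:12]):  # an address is left-padded with 12 zero bytes
        return ("block", f"{signature} with malformed address")

    operator = "0x" + word1[12:].hex()
    value = int.from_bytes(word2, "big")
    trusted = {addr.lower() for addr in trusted_operators}

    if signature.startswith("setApprovalForAll"):
        if value == 0:
            return ("ok", f"revokes collection-wide approval from {operator}")
        if operator in trusted:
            return ("warn", f"collection-wide approval for known operator {operator}")
        return ("block", f"lets {operator} move every token in this collection")

    # approve(): the second word is an ERC-20 amount or an ERC-721 token id.
    kind = "unlimited" if value == MAX_UINT256 else f"value {value}"
    return ("warn", f"approve for {operator}: {kind}")


def build_set_approval(operator, approved):
    """Build constructed sample calldata for setApprovalForAll."""
    return (
        "0xa22cb465"
        + operator[2:].lower().rjust(64, "0")
        + format(int(approved), "064x")
    )


if __name__ == "__main__":
    sample = build_set_approval(CONSTRUCTED_OPERATOR, True)
    print(review_calldata(sample))
    print(review_calldata(sample, {CONSTRUCTED_OPERATOR}))
    print(review_calldata(build_set_approval(CONSTRUCTED_OPERATOR, False)))
```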

Hacked or Scam Discord Servers

Unfortunately, the culture of FOMO (fear of missing out) and hyped launches have contributed to people disregarding safety measures temporarily and paying the price for it. If a Discord is hacked, a telltale sign is chat channels have been locked (ie: you’re unable to send a message in the General areas of the server).

Additionally, if the announcement channel is pushing a ‘surprise’ giveaway or mint (often copying and pasting the same message repeatedly) then this is a huge red flag telling you to stay clear and alert anyone you know that the Discord is compromised. Much like the Discord DMs example, the hackers will push a fake link with the same consequences of your wallet being drained of its assets, should you proceed.

Never FOMO in and always double-check what you’re clicking. Again, “Always Check The Links” that you are going to click (See Examples, Above). If it’s a legitimate project, and you do miss out, then there will always be another opportunity. It only takes one mistake to end it all, and it is not worth the risk, but you can mitigate your risk if you “Do Not Connect Your ‘VAULT’ Wallets” to Discord or to any Website.

Social Engineering

Social engineering is arguably the number one cause of stolen assets in the Web3 space. So much so, that it likely requires its own focused article. You could have five Ledgers all stored in a fireproof safe, with their seed phrases protected by armed guards and placed in different locations around the world – and still, that would not save you from a social engineering scam.

The most common approach used by scammers is asking you to trade an asset in a private deal, with any one or more of the following occurring:

  • Being approached in a Discord DM by an unknown user to make a trade.
    • Not every instance of this happening is a scam, but the overwhelming majority are.
    • It’s wise to check the post history of a user in the server before engaging.
      • You can do this by typing ‘ from:username ‘ in the server search bar.
      • A red flag would be if no results are returned.
    • If there are many messages, then still don’t take that as a green light – instead, ask inside the server if anyone can vouch for that user.
      • If they are legitimate, it’s likely someone would have interacted or traded with them previously.
  • Impersonating Moderators/Project Owners.
    • More recently, scammers have been scoping out servers for the Discord IDs of reputable community members, replicating them aesthetically via the display picture/name and using their clout to gain automatic trust with the victim.
      • They then begin to approach server members with another account looking to make a trade and use the impersonator account to act as an intermediary in the deal.
    • Moderators/Founders of projects will generally never contact you via DM, least of all partake in private trade activity.
      • If you end up in a group DM with one and trade is being discussed, it’s 99% likely you’re talking to a fake ID of those trusted individuals.
  • Loaning or lending your crypto or NFT to someone.
    • Sadly, even people you have grown close to in the space can act out of character and betray your trust.
      • One recent example I witnessed: a trusted member of a community offered to act as an intermediary in a private swap deal.
      • They were to hold both assets and then distribute the funds/assets accordingly once both were received from the buyer and seller.
      • He disappeared shortly after taking everything with him. If it wasn’t for the scammer being so sloppy with his digital footprint being linked to his real ID, he never would have returned the stolen items – and this was only after an onslaught of pressure to track him down was made by fellow community members.
    • This was a person who knew his victim for almost a year; as sad as it is to say, the best way to avoid this is to never get involved in such a scenario in the first place.
      • As such, that rule can be applied to all of the above situations – be naturally paranoid when your assets are at stake.
  • Being asked to set the price to $0.
    • For self-explanatory reasons, this is never a great idea.
    • The scammer will pledge to do the same in order to make a straight asset-to-asset swap with no liquid funds involved.
    • The scammer will not follow through on their end, of course.
  • Other New Social Engineering Scams
    • There will always be new social engineering scams seeking to take advantage of users’ knowledge & emotions.
    • It will always involve someone pretending to be someone you trust, or setting up a story for you to trust them.
      • Typically, it will play on your emotions, such as your compassion and empathy, or FOMO and greed.
    • It is important to always remain vigilant. With the advent of video deep-fakes, you can never be too careful.

Hackers Used #Deepfake
[of Binance CCO] to Scam.
Expect to see this everywhere.
There is a 'next gen' of scams/scammers;
They're seeking to attack individual-users, at scale.
Self-Custody Your Keys + Attack Vector Awareness. #Web3 #SIWE #ENS $ENS https://t.co/BfuAMUV7EU

— GaryPalmerJr.eth.limo 👁 2223.eth 🌱🐇 (@garypalmerjr) August 31, 2022

Scam and Phishing Emails

If you have your email address linked to your OpenSea account, be wary of any email which purportedly comes from them.

In June of this year, OpenSea had an email address database leak where an employee of one of their vendors misused their access to download and share OpenSea users’ addresses with an unauthorized 3rd party.

OpenSea DATA LEAK. I've just received this email from OS. So be careful out there if you receive communications from people pretending to be OpenSea's staff. 🙏🚨 pic.twitter.com/QP6erbE7xj

— jackasscrypto.ethᵍᵐ (@crypto_jackass) June 30, 2022

So with this in mind, it’s almost a certainty that those affected will be set to receive phishing emails for some time. If you ever receive an email from OpenSea, double-check the sender and ensure it is from the official OpenSea mailbox. A scam email will redirect to a fake website. I mitigate this by simply never clicking on anything within an OpenSea email. They can never get me this way!

Malicious Contracts & Airdrops

A malicious contract has code written into it that will grant the scammer (who is the owner of that contract) access to drain your wallet of funds-and-assets.

If you’re not savvy with reading Web3 contracts, the best way to avoid this pitfall is to ask someone who is to examine it for potential issues. An alternative, although not a perfect option, is to wait to see how others are affected after using it. Again, avoid FOMO as that’s where a lot of mistakes are made – especially with contracts by unknown developers or not from a highly reputable source.

Scammers are relentlessly enterprising individuals, and they have branched out into airdropping Scam-NFTs to Web3 wallets.

They mostly target wallets that are holding high-value projects, such as BAYC, but anyone can be targeted. The artwork on these airdrops is often “ugly”, which is bad enough in itself, but interacting with these scam NFTs (ie: trying to sell them, or move them, to another wallet) means that you are interacting with a malicious contract, which could end up with all your assets being stolen.

A recent common theme is a scammer will airdrop the NFT, and then make a large WETH offer on it. This is in order to tempt the potential victims into accepting the offer and thus interacting with the malicious contract. It is a waste of time and a risk, as the WETH offer can never be completed, even if accepted, so it is an entirely fruitless and risky task.

Malware, Keylogging & Protection

As previously mentioned, be extra vigilant of the downloads you make, specifically if they originate from Twitter or Discord DMs. Unless you know and trust the person you are interacting with, downloading a link via an unsolicited DM has a terrible risk-to-reward rate.

Once live on your device, these malevolent downloads can sometimes grant a hacker remote access to your PC or install malware. On that note and as referenced in Part 1, purchasing some trusted software like MalwareBytes is a good investment and is regarded as the best antivirus protection software for a very affordable price of $30 per year.

Downloading an untrusted version of a program, such as LedgerLive, will lull you into a false sense of security and fool you into typing your seed-phrases into it. Additionally, these fake versions of programs have the ability to install malware on your device. Always check that the source of the download is legitimate using the advice given in Part 1 under the ‘Be selective with your browser extensions.’ bullet point.

In Conclusion

This concludes the series on Web3 Security Best Practices. Hopefully, these basic tips will have you all set to embark on a safe and highly prosperous journey into Web3!

Remember, being safe and careful will always require more time and effort, but it’s worth doing so. It only takes one mistake to wipe out years of hard work.

Take care!
